Embed Size (px)
Citation preview
Copyright 2015 Alcatel-Lucent. All rights reserved.
Use Case for Network OrchestrationJonas Vermeulen, Nuage Product Management
Meet-up Breda – Orchestration
Copyright 2015 Alcatel-Lucent. All rights reserved.
Nuage Networks
Software Defined Networking
Internet
Cloud Technologies Networking at scale Policy BasedSolutions
Proven by success with Enterprises and Service Providers
Leader in Software Defined Networking focusing on best of breed, open solutions
Alcatel-Lucent venture
Headquartered in Mountain View, CA – Silicon Valley
VPN VPN
KVM/XEN LXC/Docker
ESXi
nuagenetworks
2
26-11-2015
Copyright 2015 Alcatel-Lucent. All rights reserved.3
Agenda CI/CD for Networking: Dynamic Infrastructure
Deployment with Nuage Networks Use Case – BetFair Demo Conclusion
26-11-2015
Copyright 2015 Alcatel-Lucent. All rights reserved.
CI/CD for Networking: Dynamic Infrastructure Deployment with Nuage Networks
Copyright 2015 Alcatel-Lucent. All rights reserved.5
Example of tools used in CI/CD-Chain
Commit Automated and repeatable-Build of packages-Deployment of infrastructure-Deployment of new package-Unit / Integration / Performance Testing
Package
Repeatable allocation of
Servers, Storage, Network, Security
26-11-2015
Copyright 2015 Alcatel-Lucent. All rights reserved.
Current Situation
Compute is Virtualized
Available in Minutes
Network is Partially Virtualized
Configuration takes Days/Weeks
NetworkConfiguration
Compute Management
New Tenant / Application Request
Auto-instantiation
Compute Request completed in
Minutes
Help DeskChange Control
IP Address
VLAN Address
FirewallConfiguration
LAN (VLAN)Configuration
WAN (IP)Configuration
Security / QATeam
ProjectCoordinator
Network Changecompleted in days/Weeks
00:01
Automating and Securing the Network
6
Copyright 2015 Alcatel-Lucent. All rights reserved.
Compute Management
Tenant / Application RequestNetworking
Security/ Compliance
Auto-instantiation
Compute Request completed in Minutes
00:01
IP Address
WAN interconnect
Policy/Security Zones
L2 /L3 Service AD
Network ChangeCompleted automatically
Service chaining
Template->Instances
Automating and Securing the Network with Nuage
11/30/2015
7Service velocity is not hindered by manual network process
Copyright 2015 Alcatel-Lucent. All rights reserved.
Nuage Virtualized Services Platform
Virtualized Services Directory (VSD)• Network Policy Engine – abstracts complexity• Service templates and analytics
Virtual Routing & Switching (VRS) – OVS Based• Distributed switch / router – L2-4 rules• Integration of bare metal assets
Nuage NetworksVirtualized Services Platform (VSP)
Virtualized Services Controller (VSC)• SDN Controller, programs the network• Rich routing feature set
KVMGateway
ESXI XEN Docker
VSC HA
VSD
IP FabricOverlay Networks
11/30/2015
8
Copyright 2015 Alcatel-Lucent. All rights reserved.9
05/02/2023
Nuage VRS Single OVS Bridge
Is Flow-Based Performs Firewalling, Switching,
Routing, NAT, … Processes ARP, DHCP locally
Does not require Dedicated Network Node for Routing, DNAT, SNAT, DHCP
VRS(Single OVS bridge)
Copyright 2015 Alcatel-Lucent. All rights reserved.
Network FlexibilityExtensibility and Security
Cloud Consumption
Nuage Partner Ecosystem
11/30/2015
10
Copyright 2015 Alcatel-Lucent. All rights reserved.
Use Case – BetFair
Copyright 2015 Alcatel-Lucent. All rights reserved.12
Goal: Define network + security policy in software without knowledge of underlying hardware / infrastructure / technology
Have consistent security policy between Dev/QA/Prod
26-11-2015
---- hosts: localhost connection: local gather_facts: False tasks: - name: Ensure Policy Group for DB’s is defined nu_policygroup: name: pgroup_db parent: "{{ domain.name }}" scope: enterprise: "{{ enterprise.name }}“ present: true register: pgroup_db - name: Create ACL Ingress entry nu_ingress_acl_entry: name: dummy_entry parent: "{{ app1_acllist.name }}" scope: enterprise: "{{ enterprise.name }}" domain: "{{ domain.name }}" src_type: POLICYGROUP src_id: "{{ pgroup_app.name }}" dst_type: POLICYGROUP dst_id: "{{ pgroup_db.name }}" dst_port: "{{ sqlport }}"
Policy-Based Network Programming
Copyright 2015 Alcatel-Lucent. All rights reserved.13
Demo-Time Setup of OpenStack Networks – Visibility in Nuage VSD Deployment of “Lifecycle Environments”
Dev / QA / Prod Projects / Subnets Policy Groups Security Rules
26-11-2015
Copyright 2015 Alcatel-Lucent. All rights reserved.14
Network Design (screenshot)
26-11-2015
Copyright 2015 Alcatel-Lucent. All rights reserved.15
Security Policies (screenshot)
26-11-2015
Copyright 2015 Alcatel-Lucent. All rights reserved.
Conclusions
Copyright 2015 Alcatel-Lucent. All rights reserved.
Conclusions IT organizations require flexible infrastructure Network Orchestration with Nuage is relevant in use cases
revolving around Scalability Multi-DC/Multi-AZ Creation of Dynamic Network + Security Infrastructure Tenant Isolation using L2/L3 VRFs Heterogeneous environments (docker / VM / physical /.…)
17
05/02/2023
Copyright 2015 Alcatel-Lucent. All rights reserved.
THANK YOU
